...Describe the challenges of securing information 2 Objective 2: Define information security and explain why it is important 3 Objective 3: Identify the types of attackers that are common today 5 Hackers 5 Script Kiddies 5 Spies 5 Insiders 5 Cybercriminals 6 Cyberterrorists 6 Objective 4: List the basic steps of an attack 6 Objective 5: Describe the five basic principles of defense 7 Layering 7 Limiting 7 Diversity 7 Obscurity 8 Simplicity 8 Works Cited 8 Chapter 1 Objectives To accomplish the learning objectives for Chapter 1: • I have read all of Chapter 1 in the course textbook (pages 1-39); including understanding the key terms on (pages 28-29). • I have read and answered all of the review questions on (pages 29-32), then compared my decisions with the solutions posted on Canvas, any incorrect answers I corrected and confirmed in the chapter. • I have read and worked through Hands-On Projects 1-1 through 1-4 to facilitate in achieving each of the stated learning objectives. • I have read, worked through and evaluated Case Projects 1-1 through 1-8 on (pages 36-38). • I have participated in all class presentations and discussions about Chapter 1 • I have read through and examined Chapter1 slide presentations. The learning objectives for this chapter are as follows: Objective 1: Describe the challenges of securing information To achieve this objective, I have read in the course textbook (pages 5-11) Challenges of Securing Information including...
Words: 3169 - Pages: 13
...technology is a wide field, and has enabled organizations across the world to work in an efficient manner. It plays a very important role in effective management and running of a business. The use of IT in organizations is inevitable, be it any type of company like manufacturing or medicinal sector. It has contributed largely to the process advancements in organizations. Basic Elements of Information Technology Software and Applications Software is an important part of information technology which relates to computer applications that enable a company to generate, store, program, and retrieve data as and when needed. There are many software developed for different purposes. All operations in the business sector are carried out by software that are assigned for executing specific tasks. Without these computer applications the businesses wouldn't have been able to carry out their functions in a proper and efficient manner. Operating systems, ERPs, special purpose applications, and web browsers are some examples of different software. There are some software which are exclusively built to contribute to the proper collaborative working of all sections of the businesses, which are known as Enterprise Resource Planning (ERP). These are complex applications which enable people to efficiently manage all functions and operations of all processes in the businesses. Hardware Devices These are various computer equipment that house the software. Devices like microcomputers, mid-size...
Words: 2695 - Pages: 11
...United States locations and one location in China. Each location has a recently upgraded its information technology infrastructure including their network hardware and software. Riordan has also kept up with quality standards for its management and manufacturing operations, including following Six Sigma and ISO 9000 quality standards. The Sarbanes-Oxley Act of 2002 requires Riordan to implement some changes to their security processes to ensure compliance with the new law. The Sarbanes-Oxley Act is focused on to the regulation of corporate governance and financial practice, maintaining the security of all financial data and ensuring the systems that access or store financial data and information must be secure to maintain compliance and pass an audit. Team B responded to the service request SR-rm-013 by performing an analysis of Riordan’s current network, data, and web security issues. Team B’s analysis focused on the security of information to ensure Riordan will be able to pass a security audit as a result of the Sarbanes-Oxley Act. After performing the analysis, Team B provided a number of recommendations to improve Riordan’s network, data, and web security at each of their locations. Implementing the recommended improvements will help ensure Riordan maintains the required level of security to ensure the data collected and stored at each location remains available and safe. This is a necessity to support the upcoming...
Words: 2934 - Pages: 12
...Technology creates a system for the collection and processing of data from various sources, and using the information for policy making and management of health services. Health information technology has the potential to enable better care for patients, and to help clinicians achieve continual improvements in the quality of care in primary care settings. Health Information System is critical elements of health system in order to make health-related decisions, then it is essential that we know what health information technology is exactly, and why it has it come to play such an important role in our current health system it is important to identify the importance of each of these components, examine how they interact with one another, and explore their applications in real life. The components of a Health Information System are data, people, processes, information technology, and communication technology. First, data is the third element of an Information System. This is the information part of an information system, and whether that is statistical data, sets of instructions, lists of names or even graphics and animations, data is the key to any Information Technology. Second, the purpose of an information system is to support human intellectual activity. “People are the most important element in most computer-based information systems. They make the difference between success and failure for most organizations. Information systems personnel include all the people who manage...
Words: 868 - Pages: 4
...International Information Systems Security Certification Consortium is specializes in certificates for information Security. It is a non-profit and one of the world’s largest organizations for IT Security. The most common certificate they offer is the Certified Information Systems Security Professional (CISSP). The CISSP is a certification that is recognized worldwide and acknowledges that you are qualified to work in several fields of information security. To obtain the CISSP Certification you must first meet the Requirement. A minimum of 5 years of security work, experience and accept the code of ethics, a background check, and endorsed qualifications are just a few you might expect to have when deciding to take the exam for this certification. Professionals that hold this certification have higher salaries than those who don’t. This would be something to consider if you are starting a career in the Cyber security field. Once your certificate is obtained it will be valid for three years. To renew you must either retake the test or provide 20 Continuing Professional Education (CPE) credits and pay a fee of $85.00 each year. A CPE credit can be earned by taking more classes, teaching, volunteering, and attending conferences. Each hour spent equals one CPE credit. The points earned are more if you publish books or prepare training for others. It consisted of 10 domains until April of 2015 when it was updated to 8 because of the increase in cyber threats...
Words: 2654 - Pages: 11
...Computers, networks, and software are the heart and soul of the IT world today. Because of the availability of those systems, they are very vulnerable to malicious attacks and activity. It is of upmost importance that an organization takes security seriously and takes the proper measures to protect their systems. They can do this through a number of different ways, but one area of focus is through the authentication process and the related hardware and software to go along with it. Identification and Authentication Authentication is the process of the system or program recognizing the user and granting them access, which has been predetermined by access controls. It begins with two major parts; Identification and Authentication. Identification is the process in which the system recognizes the user and gives them access according to Abstract object that are controlled by the administrators of the files and systems. Privileges will be granted based on their user account having been verified. This process is usually a user ID. The system recognized the ID and knows the access right and privileges of that individual that have been verified. The Authentication begins once the user account ID has been identified. This is the process in which the user credentials are actually verified, meaning the specific attributes of their specific user account and authenticated and verified to make sure the access rights are correct. This process uses a password or some sort of credential such...
Words: 2199 - Pages: 9
...11 Testing 11 Implementation 11-12 Maintenance 12-13 Data Management – Data-back-up/Disaster Recovery 13-14 Impact of Implementation 14 Administrative procedures - human and process changes 15-18 Changes in organizational Policy 18-20 Training requirements 20 References 21-22 List of Figures Figure 1-A: Organizational Effectiveness 7 Figure 2-A: Design 9 Figure 3-A: Planning 9 Introduction The organization has been active for ten years and has five fulltime employees and is located in Rehoboth Beach, Delaware, near the outlet malls. They manufacture and sell lightweight boats, surfboards, and body boards in addition to a variety of accessory associated with the sports. The system used to manage the operation is three Dell OptiPlex computers on a wireless network. The Software used is Windows Office 10, specifically Microsoft Access, Excel and Word. The software provides an opportunity to maintain customer account data, address, as well as Suppliers information. The system seemed to evolve with the company’s general updates made to the system to keep it current, secure, and operating. Benefits and Disadvantages The system is great because it is generic, all of the employees are familiar with the software, and when software updates occur, one person takes the lead and after becoming familiar with the changes, trains the...
Words: 3743 - Pages: 15
...that comprise data integrity, confidentiality, and availability of a system. Another security issue for systems is Vulnerabilities in software that can be exploited by people that want to do harm to a system. It’s up to the personnel or team that’s in charge of protecting the system from threats and vulnerabilities. The personnel that secure information technology systems are known as (ISO) Information Security Officer, (IASO) Information Assurance Security Officer, (ISM) Information Security Manager ect. No matter what name the personnel there job is the same to protect information systems. Security Officers will have to set policies that govern the system and create plan on how to handle security threat and vulnerabilities. Security threats can consist of any number issues ranging from physical attack, spoofing, password attacks, identity theft, virus attacks, and Denial of Service attacks, Social Threats, Espionage, malware, spyware, Careless Employees, and hackers. We will disuse all of these threats and ways to prevent them later in the report. In 2010 Kevin Prince, CTO, Perimeter E-Security "As these security threats are becoming more serious and difficult to detect, it is vital for companies to understand what they can do to best protect their systems and information” he also was implying that Information Security Office stay update with changes in Information Technology community. (Prince 2010) Vulnerabilities in computer system are weakness in software. These vulnerabilities...
Words: 2408 - Pages: 10
... both hardware and software, that is necessary for maintaining a stable and accurate support in order to provide information security and assurance, disaster recovery, as well as to avoid service interruption. In any organization, it is important to have an organized list of all assets including hardware and software, as well as licensing. Company-issued laptops, smartphones, tablets, and other mobile devices can be an easy target of cyber attackers. It is ideal to have an organized way of keeping track of company assets (i.e. spreadsheets or database). Quick references such as spreadsheets/workbooks or databases can easily provide reports of asset inventory containing type of equipment, count, value, asset tag information, software license number, license expiration, employee ID to whom assets are issued to, etc. As an employee of any company or organization, the company issued laptops, devices and other peripherals should be the responsibility of the employee that the item(s) is issued to. A stolen laptop could cause the company a huge amount because it does not only require the replacement cost, but has serious security concerns involved. According to Mitnick and Simon, “Even when security is being well handled within a company, there is too often a tendency to overlook the corporate network, leaving an opening that attacker(s) can take advantage of. Laptops and home computers that connect to the internal network must be secure; otherwise, the employee’s computer system...
Words: 2212 - Pages: 9
...Abstract Now that personal computers are pretty much a must have in every household, school, or business cyber-criminals have moved from just being a hacker for fun into an estimated multi-million dollar world of computer crimes. New revenue streams have been realized and viruses in choice Computer crimes encompass unauthorized or illegal activities perpetrated via computer as well as the theft of computers and other technological hardware. As firms of all sizes, industrial orientation, and geographic location increasingly rely on computers to operate, concerns about computer crime have also risen, in part because the practice appears to be thriving despite the concerted efforts of both the law enforcement and business communities to stop it. But computer experts and business consultants alike note that both international corporations and modest family-owned businesses can do a great deal to neutralize computer "viruses" and other manifestations of computer crime. “http://rahimimohammad.blogspot.com/p/law-for-computer-crimesand-economic.html” Many analysts believe, however, that small business owners are less likely to take steps to address the threat of computer crime than are larger firms. Indeed, many small businesses admit that they are passive about the threat because of costs associated with implementing safeguards and the perception that computer "hackers" and other threats are far more likely to pick on bigger companies. But as Tim McCollum flatly stated in Nation's Business...
Words: 4313 - Pages: 18
...TABLE OF CONTENTS Chapter I: System Background A. University Background/Company Background B. Organization Directory C. Objective of the Study D. Theoretical Framework E. Conceptual Framework F. Significance of the Study G. Scope of the Project H. Delimitation of the Study Chapter II: System Plan A. Problem Description 1. Problem Description 2. Anticipated Business Benefits 3. System Capabilities B. Project Schedule 1. Work Breakdown Structure 2. Project Evaluation and Review Techniques C. Project Feasibility 1. Economic Feasibility 2. Technological Feasibility 3. Operational Feasibility 4. Cultural/Political/Organizational Feasibility Chapter III: System Analysis A. Information Gathering Tools and Techniques 1. Questionnaire 2. Interview Guide 3. System Documentation B. Hardware Requirement 1. Event Table 2. Class Diagram 3. Use Case Diagram 4. Use Case Description Chapter IV: System Design A. System Design Model 1. Screen Layout 2. DFD (Data Flow Diagram) 3. ERD (Entity Relationship Diagram) 4. Database Design 5. Table Relationship Diagram 6. Data Dictionary Chapter V: Conclusion and Recommendation A. Conclusion B. Recommendation C. Curriculum Vital CHAPTER I University Background HISTORY OF SHEPHERD GRACE SCHOOL SGS-Shepherd’s Grace School, Inc. is a Catholic School and is open to all religion. It respects personal preferences...
Words: 3231 - Pages: 13
...through. Most, mobile devices that access enterprise data/networks, yet just 14% require hardware encryption, no exceptions. Let’s be clear: Mobile security is data security, and we must do better. By Michael Finneran Report ID: R4720512 Previous Next reports 2012 State of Mobile Security CONTENTS 3 4 5 6 7 9 11 11 15 20 25 26 27 27 30 32 45 Author’s Bio Executive Summary Research Synopsis Lessons Unlearned Mobile Device Policies: BYOD in Full Swing What, Me Worry? Breaking It Down Wi-Fi Policy Guidance Tablet/Smartphone Policy So What Are You Doing About It? Applications and Malware Laptops and Ultrabooks Security-Awareness Training Get Going on a Secure Mobility Initiative Don’t Sit Still Appendix Related Reports 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 TABLE OF Figures 6 Figure 1: Policy on Personal Mobile Device Use? 7 Figure 2: Personal Mobile Device Policy 8 Figure 3: Percentage of Employees Using Mobile Devices 9 Figure 4: Top Mobile Security Concerns 10 Figure 5: Importance of Mobile Security Initiatives 11 Figure 6: Percentage of Mobile Devices Experiencing Security Incidents Figure 7: Securing Wireless LANs Figure 8: Securing Data in Transit Figure 9: Mobile Device Authentication Mechanisms Figure 10: Mobile Device Data Encryption Figure 11: Primary Reason for Not Requiring Data Encryption Figure 12: Regulatory Compliance Figure 13: Storage of Corporate Data on Mobile Devices Figure 14: Mobile Device Management Figure...
Words: 10170 - Pages: 41
...2009 Eighth International Conference on Mobile Business Mobile Forensics in Healthcare Connie Justice, Huanmei Wu Computer & Information Technology Purdue School of Engineering and Technology Indiana University Purdue University Indianapolis 799 W. Michigan St., ET 301 Indianapolis, IN 46202 {cjustice, hw9}@iupui.edu Abstract -- Mobile communication has been heavily applied in the current healthcare system for health information exchange. Patient information security has become a major concern, especially with the wide adoption of electronic medical records. Mobile Forensics has been utilized by law enforcement to systematically procure and preserve mobile evidence. However, the adoption of mobile forensics in the healthcare lags behind. The goal of our project is to examine the options and to provide recommendations for adoption and customization of mobile forensics in the healthcare field. An open-ended survey of local healthcare and related facilities around Indianapolis has been explored to examine the current status of Mobile Forensics in the healthcare field. The results have been evaluated using statistical analysis. A methodology is being proposed that would use mobile forensics procedures taking into account the regulatory measures that have to be instituted due to the Health Insurance Portability and Accountability Act (HIPAA) of 1996. Keywords-mobile forensics, healthcare. Evelyn Walton Informatics Indiana University Purdue University Indianapolis 799 W. Michigan...
Words: 4340 - Pages: 18
...infrastructure used to care for it takes on added importance. We’ll examine all of the components that comprise today’s and tomorrow’s IT infrastructure and how best to manage it. 5.1 IT Infrastructure When you mention the phrase “information technology infrastructure,” most people immediately think of just hardware and software. However, there is more to it than just those two. In fact, the most important and often most-ignored component is that of services. Integrating all three components forces a business to think in terms of the value of the whole and not just the parts. Including all three components in any discussion of IT infrastructure truly fits the cliché that the whole is greater than the sum of its parts. Defining IT Infrastructure If you define a firm’s IT infrastructure in terms of technology you limit the discussion to the hardware and software components. By broadening the definition to that of service-based, you are then bringing into the discussion the services generated by the first two components. Also, you are including the persware element that we discussed in Chapter 1. As technology advances the types of hardware and software available, it becomes more critical for the firm to focus on the services that a firm can provide to its customers, suppliers, employees, and business partners. To round out the list of IT infrastructure components you need to add the following services to computing hardware and software: • Computing services: Provide platforms...
Words: 8576 - Pages: 35
...interested parties and encourage global participation. IEEE standards have a comprehensive listing of working groups but not all have public viewable websites. I will focus on the Information Technology working group with the sub-directory of Software and Systems Engineering. The IEEE Computer Society is the largest association for computer professionals in the world and was founded more than 50 years ago. The Software and Systems Engineering Group/Committee mission is to develop and maintain a family of software and systems engineering standards that are relevant, coherent, comprehensive and effective in use. These standards are developed for use by practitioners, organizations, and educators to improve the effectiveness and efficiency of their software engineering processes, and also to improve communications between acquirers and suppliers and the quality of delivered software and systems containing software. They also work to support and promote a Software Engineering Body of Knowledge, certification mechanisms for software engineering professionals, and other products contributing to the profession of software engineering. Justification of IEEE 802 standard used in networking Looking from the outside it looks simple to connect computers through networks. But with everything in life, there should be rules and standards to follow. One such set of rules for the networking traffic to follow is IEEE802 standards. It was developed by IEEE (Institute of Electrical and Electronics...
Words: 1514 - Pages: 7
